npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@toknbase/mcp-server

v1.6.0

Published

MCP server for Toknbase -- zero-knowledge secrets management for AI agents

Downloads

705

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

toknbasetoknbase

Keywords

mcpsecretstoknbaseicpzero-knowledgeai-agent

Readme

@toknbase/mcp-server

Zero-knowledge secrets management for AI agents via the Model Context Protocol.

Toknbase is the only secrets manager where the host never sees your plaintext secrets. This MCP server connects your AI coding assistant to your Toknbase vault -- read, create, update, rotate, and delete secrets directly from Cursor, Windsurf, Claude Code, VS Code, Zed, and Cline.

Quick Start

1. Create an Agent Token

Log in to your Toknbase dashboard and navigate to AI Agents. Create a new token with the scope you need:

  • read_only -- list and retrieve secrets
  • read_write -- list, retrieve, create, update, rotate, and delete secrets
  • full_access -- all of the above plus folder creation and assignment

Copy the agt_ token value -- it is shown only once.

2. Add to Your Editor

Replace agt_your_token_here with your token. The canister ID is pre-configured and does not need to be set manually.

Cursor (~/.cursor/mcp.json)

{
  "mcpServers": {
    "toknbase": {
      "command": "npx",
      "args": ["-y", "@toknbase/[email protected]"],
      "env": {
        "TOKNBASE_AGENT_TOKEN": "agt_your_token_here"
      }
    }
  }
}
Claude Code (run in terminal)

claude mcp add toknbase -- npx -y @toknbase/[email protected]
export TOKNBASE_AGENT_TOKEN=agt_your_token_here
Windsurf / VS Code / Cline (mcp.json)

{
  "mcpServers": {
    "toknbase": {
      "command": "npx",
      "args": ["-y", "@toknbase/[email protected]"],
      "env": {
        "TOKNBASE_AGENT_TOKEN": "agt_your_token_here"
      }
    }
  }
}
3. Test From Terminal
TOKNBASE_AGENT_TOKEN=agt_your_token_here npx @toknbase/[email protected]
You should see:

[toknbase-mcp] Server running. Canister: xi7mc-uaaaa-aaaan-q5raa-cai
Press Ctrl+C to stop.

Available Tools (14 total)
Tool	Description	Required Scope
toknbase_list_secrets	List all secrets (names, descriptions, environments -- no plaintext values)	read_only
toknbase_get_secret	Retrieve a secret by name including its value	read_only
toknbase_search_secrets	Search secrets by name or environment filter	read_only
toknbase_create_secret	Add a new secret to the vault	read_write
toknbase_update_secret	Update a secret's value	read_write
toknbase_delete_secret	Permanently delete a secret	read_write
toknbase_rotate_secret	Rotate a secret and save the previous value to version history	read_write
toknbase_batch_create_secrets	Create up to 20 secrets in a single call	read_write
toknbase_get_audit_log	Retrieve a paginated audit log (max 100 entries per page)	read_only
toknbase_list_team_secrets	List secrets belonging to a team you are a member of	read_only
toknbase_create_folder	Create a new folder	full_access
toknbase_list_folders	List all folders	read_only
toknbase_assign_folder	Assign a secret to a folder	full_access
toknbase_get_token_info	Get the current token's name, scope, and folder restriction	read_only
Environment Variables
Variable	Required	Description
TOKNBASE_AGENT_TOKEN	Yes	Your agt_ agent token from the dashboard
TOKNBASE_CANISTER_ID	No	Override the canister ID (default: xi7mc-uaaaa-aaaan-q5raa-cai)
TOKNBASE_IC_HOST	No	Override the IC host (default: https://icp-api.io)
Security
Toknbase is zero-knowledge -- your plaintext secrets never leave your device. The MCP server communicates with the Toknbase canister on the Internet Computer, which stores only encrypted values. Decryption happens client-side in your browser using your personal key.

Every action taken by an agent token is recorded in your Toknbase cryptographic audit log under the token's name and is visible in the dashboard.

Troubleshooting
"Missing TOKNBASE_AGENT_TOKEN"
You forgot to set the env var. Add it to your editor's MCP config under env.

"Canister has no update method"
You are running an old cached version. Clear the cache and re-run with the pinned version:

rm -rf ~/.npm/_npx
npx @toknbase/[email protected]
Canister takes 30-60 seconds to respond on first call
Normal behaviour after a long idle period. The canister is warming up. Subsequent calls are fast.

Requirements
Node.js 18+
A Toknbase account with an active agent token (sign up free)